

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    <title>saml2.auth &mdash; SAML Python library classes and methods</title>

    <link rel="stylesheet" href="../../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />

    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../../',
        VERSION:     '',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../_static/doctools.js"></script>
    <link rel="top" title="SAML Python library classes and methods" href="../../index.html" />
    <link rel="up" title="Class code" href="../index.html" />
  </head>
  <body>
    <div class="related">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="../../genindex.html" title="General Index"
             accesskey="I">index</a></li>
        <li class="right" >
          <a href="../../py-modindex.html" title="Python Class Index"
             >modules</a> |</li>
        <li><a href="../../index.html">SAML Python library classes and methods</a> &raquo;</li>
          <li><a href="../index.html" accesskey="U">Class code</a> &raquo;</li>
      </ul>
    </div>

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body">

  <h1>Source code for saml2.auth</h1><div class="highlight"><pre>
<span class="c"># -*- coding: utf-8 -*-</span>


<span class="kn">from</span> <span class="nn">base64</span> <span class="kn">import</span> <span class="n">b64encode</span>
<span class="kn">from</span> <span class="nn">urllib</span> <span class="kn">import</span> <span class="n">urlencode</span><span class="p">,</span> <span class="n">quote</span>
<span class="kn">from</span> <span class="nn">xml.etree.ElementTree</span> <span class="kn">import</span> <span class="n">tostring</span>

<span class="kn">import</span> <span class="nn">dm.xmlsec.binding</span> <span class="kn">as</span> <span class="nn">xmlsec</span>

<span class="kn">from</span> <span class="nn">saml2.settings</span> <span class="kn">import</span> <span class="n">OneLogin_Saml2_Settings</span>
<span class="kn">from</span> <span class="nn">saml2.response</span> <span class="kn">import</span> <span class="n">OneLogin_Saml2_Response</span>
<span class="kn">from</span> <span class="nn">saml2.errors</span> <span class="kn">import</span> <span class="n">OneLogin_Saml2_Error</span>
<span class="kn">from</span> <span class="nn">saml2.logout_response</span> <span class="kn">import</span> <span class="n">OneLogin_Saml2_Logout_Response</span>
<span class="kn">from</span> <span class="nn">saml2.constants</span> <span class="kn">import</span> <span class="n">OneLogin_Saml2_Constants</span>
<span class="kn">from</span> <span class="nn">saml2.utils</span> <span class="kn">import</span> <span class="n">OneLogin_Saml2_Utils</span>
<span class="kn">from</span> <span class="nn">saml2.logout_request</span> <span class="kn">import</span> <span class="n">OneLogin_Saml2_Logout_Request</span>
<span class="kn">from</span> <span class="nn">saml2.authn_request</span> <span class="kn">import</span> <span class="n">OneLogin_Saml2_Authn_Request</span>


<div class="viewcode-block" id="OneLogin_Saml2_Auth"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth">[docs]</a><span class="k">class</span> <span class="nc">OneLogin_Saml2_Auth</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span>

    <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">request_data</span><span class="p">,</span> <span class="n">old_settings</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Initializes the SP SAML instance.</span>

<span class="sd">        Arguments are:</span>
<span class="sd">            * (dict)   old_settings. Setting data</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span> <span class="o">=</span> <span class="n">request_data</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Settings</span><span class="p">(</span><span class="n">old_settings</span><span class="p">)</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">__attributes</span> <span class="o">=</span> <span class="p">[]</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">__nameid</span> <span class="o">=</span> <span class="s">&#39;&#39;</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">__authenticated</span> <span class="o">=</span> <span class="bp">False</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">__errors</span> <span class="o">=</span> <span class="p">[]</span>

<div class="viewcode-block" id="OneLogin_Saml2_Auth.get_settings"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.get_settings">[docs]</a>    <span class="k">def</span> <span class="nf">get_settings</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Returns the settings info</span>
<span class="sd">        :return: Setting info</span>
<span class="sd">        :rtype: OneLogin_Saml2_Setting object</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.set_strict"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.set_strict">[docs]</a>    <span class="k">def</span> <span class="nf">set_strict</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Set the strict mode active/disable</span>

<span class="sd">        :param value:</span>
<span class="sd">        :type value: bool</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">assert</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">value</span><span class="p">,</span> <span class="nb">bool</span><span class="p">)</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="o">.</span><span class="n">set_strict</span><span class="p">(</span><span class="n">value</span><span class="p">)</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.process_response"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.process_response">[docs]</a>    <span class="k">def</span> <span class="nf">process_response</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">request_id</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Process the SAML Response sent by the IdP.</span>

<span class="sd">        :param request_id: Is an optional argument. Is the ID of the AuthNRequest sent by this SP to the IdP.</span>
<span class="sd">        :type request_id: string</span>

<span class="sd">        :raises: OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND, when a POST with a SAMLResponse is not found</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">__errors</span> <span class="o">=</span> <span class="p">[]</span>

        <span class="k">if</span> <span class="s">&#39;post_data&#39;</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span> <span class="ow">and</span> <span class="s">&#39;SAMLResponse&#39;</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">[</span><span class="s">&#39;post_data&#39;</span><span class="p">]:</span>
            <span class="c"># AuthnResponse -- HTTP_POST Binding</span>
            <span class="n">response</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Response</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">[</span><span class="s">&#39;post_data&#39;</span><span class="p">][</span><span class="s">&#39;SAMLResponse&#39;</span><span class="p">])</span>

            <span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">is_valid</span><span class="p">(</span><span class="n">request_id</span><span class="p">):</span>
                <span class="bp">self</span><span class="o">.</span><span class="n">__attributes</span> <span class="o">=</span> <span class="n">response</span><span class="o">.</span><span class="n">get_attributes</span><span class="p">()</span>
                <span class="bp">self</span><span class="o">.</span><span class="n">__nameid</span> <span class="o">=</span> <span class="n">response</span><span class="o">.</span><span class="n">get_nameid</span><span class="p">()</span>
                <span class="bp">self</span><span class="o">.</span><span class="n">__authenticated</span> <span class="o">=</span> <span class="bp">True</span>
            <span class="k">else</span><span class="p">:</span>
                <span class="bp">self</span><span class="o">.</span><span class="n">__errors</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">&#39;invalid_response&#39;</span><span class="p">)</span>

        <span class="k">else</span><span class="p">:</span>
            <span class="bp">self</span><span class="o">.</span><span class="n">__errors</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">&#39;invalid_binding&#39;</span><span class="p">)</span>
            <span class="k">raise</span> <span class="n">OneLogin_Saml2_Error</span><span class="p">(</span>
                <span class="s">&#39;SAML Response not found, Only supported HTTP_POST Binding&#39;</span><span class="p">,</span>
                <span class="n">OneLogin_Saml2_Error</span><span class="o">.</span><span class="n">SAML_RESPONSE_NOT_FOUND</span>
            <span class="p">)</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.process_slo"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.process_slo">[docs]</a>    <span class="k">def</span> <span class="nf">process_slo</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">keep_local_session</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">request_id</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">delete_session_cb</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Process the SAML Logout Response / Logout Request sent by the IdP.</span>

<span class="sd">        :param keep_local_session: When false will destroy the local session, otherwise will destroy it</span>
<span class="sd">        :type keep_local_session: bool</span>

<span class="sd">        :param request_id: The ID of the LogoutRequest sent by this SP to the IdP</span>
<span class="sd">        :type request_id: string</span>

<span class="sd">        :returns: Redirection url</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="bp">self</span><span class="o">.</span><span class="n">__errors</span> <span class="o">=</span> <span class="p">[]</span>

        <span class="k">if</span> <span class="s">&#39;get_data&#39;</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span> <span class="ow">and</span> <span class="s">&#39;SAMLResponse&#39;</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">[</span><span class="s">&#39;get_data&#39;</span><span class="p">]:</span>
            <span class="n">logout_response</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Logout_Response</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">[</span><span class="s">&#39;get_data&#39;</span><span class="p">][</span><span class="s">&#39;SAMLResponse&#39;</span><span class="p">])</span>
            <span class="k">if</span> <span class="ow">not</span> <span class="n">logout_response</span><span class="o">.</span><span class="n">is_valid</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">,</span> <span class="n">request_id</span><span class="p">):</span>
                <span class="bp">self</span><span class="o">.</span><span class="n">__errors</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">&#39;invalid_logout_response&#39;</span><span class="p">)</span>
            <span class="k">elif</span> <span class="n">logout_response</span><span class="o">.</span><span class="n">get_status</span><span class="p">()</span> <span class="o">!=</span> <span class="n">OneLogin_Saml2_Constants</span><span class="o">.</span><span class="n">STATUS_SUCCESS</span><span class="p">:</span>
                <span class="bp">self</span><span class="o">.</span><span class="n">__errors</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">&#39;logout_not_success&#39;</span><span class="p">)</span>
            <span class="k">elif</span> <span class="ow">not</span> <span class="n">keep_local_session</span><span class="p">:</span>
                <span class="n">OneLogin_Saml2_Utils</span><span class="o">.</span><span class="n">delete_local_session</span><span class="p">(</span><span class="n">delete_session_cb</span><span class="p">)</span>

        <span class="k">elif</span> <span class="s">&#39;get_data&#39;</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span> <span class="ow">and</span> <span class="s">&#39;SAMLRequest&#39;</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">[</span><span class="s">&#39;get_data&#39;</span><span class="p">]:</span>
            <span class="n">request</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Utils</span><span class="o">.</span><span class="n">decode_base64_and_inflate</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">[</span><span class="s">&#39;get_data&#39;</span><span class="p">][</span><span class="s">&#39;SAMLRequest&#39;</span><span class="p">])</span>
            <span class="k">if</span> <span class="ow">not</span> <span class="n">OneLogin_Saml2_Logout_Request</span><span class="o">.</span><span class="n">is_valid</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">):</span>
                <span class="bp">self</span><span class="o">.</span><span class="n">__errors</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">&#39;invalid_logout_request&#39;</span><span class="p">)</span>
            <span class="k">else</span><span class="p">:</span>
                <span class="k">if</span> <span class="ow">not</span> <span class="n">keep_local_session</span><span class="p">:</span>
                    <span class="n">OneLogin_Saml2_Utils</span><span class="o">.</span><span class="n">delete_local_session</span><span class="p">(</span><span class="n">delete_session_cb</span><span class="p">)</span>

                <span class="n">in_response_to</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Logout_Request</span><span class="o">.</span><span class="n">get_id</span><span class="p">(</span><span class="n">request</span><span class="p">)</span>
                <span class="n">response_builder</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Logout_Response</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="p">)</span>
                <span class="n">response_builder</span><span class="o">.</span><span class="n">build</span><span class="p">(</span><span class="n">in_response_to</span><span class="p">)</span>
                <span class="n">logout_response</span> <span class="o">=</span> <span class="n">response_builder</span><span class="o">.</span><span class="n">get_response</span><span class="p">()</span>

                <span class="n">parameters</span> <span class="o">=</span> <span class="p">{</span><span class="s">&#39;SAMLResponse&#39;</span><span class="p">:</span> <span class="n">logout_response</span><span class="p">}</span>
                <span class="k">if</span> <span class="s">&#39;RelayState&#39;</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">[</span><span class="s">&#39;get_data&#39;</span><span class="p">]:</span>
                    <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;RelayState&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">[</span><span class="s">&#39;get_data&#39;</span><span class="p">][</span><span class="s">&#39;RelayState&#39;</span><span class="p">]</span>

                <span class="n">security</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="o">.</span><span class="n">get_security_data</span><span class="p">()</span>
                <span class="k">if</span> <span class="s">&#39;logoutResponseSigned&#39;</span> <span class="ow">in</span> <span class="n">security</span> <span class="ow">and</span> <span class="n">security</span><span class="p">[</span><span class="s">&#39;logoutResponseSigned&#39;</span><span class="p">]:</span>
                    <span class="n">signature</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">build_response_signature</span><span class="p">(</span><span class="n">logout_response</span><span class="p">,</span> <span class="n">parameters</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&#39;RelayState&#39;</span><span class="p">,</span> <span class="bp">None</span><span class="p">))</span>
                    <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;SigAlg&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Constants</span><span class="o">.</span><span class="n">RSA_SHA1</span>
                    <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;Signature&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">signature</span>

                <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">redirect_to</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">get_slo_url</span><span class="p">(),</span> <span class="n">parameters</span><span class="p">)</span>

        <span class="k">else</span><span class="p">:</span>
            <span class="bp">self</span><span class="o">.</span><span class="n">__errors</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">&#39;invalid_binding&#39;</span><span class="p">)</span>
            <span class="k">raise</span> <span class="n">OneLogin_Saml2_Error</span><span class="p">(</span>
                <span class="s">&#39;SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding&#39;</span><span class="p">,</span>
                <span class="n">OneLogin_Saml2_Error</span><span class="o">.</span><span class="n">SAML_LOGOUTMESSAGE_NOT_FOUND</span>
            <span class="p">)</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.redirect_to"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.redirect_to">[docs]</a>    <span class="k">def</span> <span class="nf">redirect_to</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">url</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">parameters</span><span class="o">=</span><span class="p">{}):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Redirects the user to the url past by parameter or to the url that we defined in our SSO Request.</span>

<span class="sd">        :param url: The target URL to redirect the user</span>
<span class="sd">        :type url: string</span>
<span class="sd">        :param parameters: Extra parameters to be passed as part of the url</span>
<span class="sd">        :type parameters: dict</span>

<span class="sd">        :returns: Redirection url</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">if</span> <span class="n">url</span> <span class="ow">is</span> <span class="bp">None</span> <span class="ow">and</span> <span class="s">&#39;RelayState&#39;</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">[</span><span class="s">&#39;get_data&#39;</span><span class="p">]:</span>
            <span class="n">url</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">[</span><span class="s">&#39;get_data&#39;</span><span class="p">][</span><span class="s">&#39;RelayState&#39;</span><span class="p">]</span>
        <span class="k">return</span> <span class="n">OneLogin_Saml2_Utils</span><span class="o">.</span><span class="n">redirect</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">parameters</span><span class="p">,</span> <span class="n">request_data</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">)</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.is_authenticated"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.is_authenticated">[docs]</a>    <span class="k">def</span> <span class="nf">is_authenticated</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Checks if the user is authenticated or not.</span>

<span class="sd">        :returns: True if is authenticated, False if not</span>
<span class="sd">        :rtype: bool</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">__authenticated</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.get_attributes"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.get_attributes">[docs]</a>    <span class="k">def</span> <span class="nf">get_attributes</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Returns the set of SAML attributes.</span>

<span class="sd">        :returns: SAML attributes</span>
<span class="sd">        :rtype: dict</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">__attributes</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.get_nameid"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.get_nameid">[docs]</a>    <span class="k">def</span> <span class="nf">get_nameid</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Returns the nameID.</span>

<span class="sd">        :returns: NameID</span>
<span class="sd">        :rtype: string</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">__nameid</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.get_errors"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.get_errors">[docs]</a>    <span class="k">def</span> <span class="nf">get_errors</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Returns a list with code errors if something went wrong</span>

<span class="sd">        :returns: List of errors</span>
<span class="sd">        :rtype: list</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">__errors</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.get_attribute"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.get_attribute">[docs]</a>    <span class="k">def</span> <span class="nf">get_attribute</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">name</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Returns the requested SAML attribute.</span>

<span class="sd">        :param name: Name of the attribute</span>
<span class="sd">        :type name: string</span>

<span class="sd">        :returns: Attribute value if exists or None</span>
<span class="sd">        :rtype: string</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">assert</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">name</span><span class="p">,</span> <span class="nb">basestring</span><span class="p">)</span>
        <span class="n">value</span> <span class="o">=</span> <span class="bp">None</span>
        <span class="k">if</span> <span class="n">name</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">__attributes</span><span class="o">.</span><span class="n">keys</span><span class="p">():</span>
            <span class="n">value</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">__attributes</span><span class="p">[</span><span class="n">name</span><span class="p">]</span>
        <span class="k">return</span> <span class="n">value</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.login"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.login">[docs]</a>    <span class="k">def</span> <span class="nf">login</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">return_to</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Initiates the SSO process.</span>

<span class="sd">        :param return_to: Optional argument. The target URL the user should be redirected to after login.</span>
<span class="sd">        :type return_to: string</span>

<span class="sd">        :returns: Redirection url</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="n">authn_request</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Authn_Request</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="p">)</span>

        <span class="n">saml_request</span> <span class="o">=</span> <span class="n">authn_request</span><span class="o">.</span><span class="n">get_request</span><span class="p">()</span>
        <span class="n">parameters</span> <span class="o">=</span> <span class="p">{</span><span class="s">&#39;SAMLRequest&#39;</span><span class="p">:</span> <span class="n">saml_request</span><span class="p">}</span>

        <span class="k">if</span> <span class="n">return_to</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span>
            <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;RelayState&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">return_to</span>
        <span class="k">else</span><span class="p">:</span>
            <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;RelayState&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Utils</span><span class="o">.</span><span class="n">get_self_url_no_query</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">)</span>

        <span class="n">security</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="o">.</span><span class="n">get_security_data</span><span class="p">()</span>
        <span class="k">if</span> <span class="n">security</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&#39;authnRequestsSigned&#39;</span><span class="p">,</span> <span class="bp">False</span><span class="p">):</span>
            <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;SigAlg&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Constants</span><span class="o">.</span><span class="n">RSA_SHA1</span>
            <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;Signature&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">build_request_signature</span><span class="p">(</span><span class="n">saml_request</span><span class="p">,</span> <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;RelayState&#39;</span><span class="p">])</span>
        <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">redirect_to</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">get_sso_url</span><span class="p">(),</span> <span class="n">parameters</span><span class="p">)</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.logout"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.logout">[docs]</a>    <span class="k">def</span> <span class="nf">logout</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">return_to</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">name_id</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">session_index</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Initiates the SLO process.</span>

<span class="sd">        :param return_to: Optional argument. The target URL the user should be redirected to after logout.</span>
<span class="sd">        :type return_to: string</span>
<span class="sd">        :param name_id: Optional argument. The NameID that will be set in the LogoutRequest.</span>
<span class="sd">        :type name_id: string</span>
<span class="sd">        :param session_index: Optional argument. SessionIndex that identifies the session of the user.</span>
<span class="sd">        :type session_index: string</span>
<span class="sd">        :returns: Redirection url</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="n">slo_url</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">get_slo_url</span><span class="p">()</span>
        <span class="k">if</span> <span class="n">slo_url</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span>
            <span class="k">raise</span> <span class="n">OneLogin_Saml2_Error</span><span class="p">(</span>
                <span class="s">&#39;The IdP does not support Single Log Out&#39;</span><span class="p">,</span>
                <span class="n">OneLogin_Saml2_Error</span><span class="o">.</span><span class="n">SAML_SINGLE_LOGOUT_NOT_SUPPORTED</span>
            <span class="p">)</span>

        <span class="n">logout_request</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Logout_Request</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="p">)</span>

        <span class="n">saml_request</span> <span class="o">=</span> <span class="n">logout_request</span><span class="o">.</span><span class="n">get_request</span><span class="p">()</span>

        <span class="n">parameters</span> <span class="o">=</span> <span class="p">{</span><span class="s">&#39;SAMLRequest&#39;</span><span class="p">:</span> <span class="n">logout_request</span><span class="o">.</span><span class="n">get_request</span><span class="p">()}</span>
        <span class="k">if</span> <span class="n">return_to</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span>
            <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;RelayState&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">return_to</span>
        <span class="k">else</span><span class="p">:</span>
            <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;RelayState&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Utils</span><span class="o">.</span><span class="n">get_self_url_no_query</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">__request_data</span><span class="p">)</span>

        <span class="n">security</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="o">.</span><span class="n">get_security_data</span><span class="p">()</span>
        <span class="k">if</span> <span class="n">security</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&#39;logoutRequestSigned&#39;</span><span class="p">,</span> <span class="bp">False</span><span class="p">):</span>
            <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;SigAlg&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Constants</span><span class="o">.</span><span class="n">RSA_SHA1</span>
            <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;Signature&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">build_request_signature</span><span class="p">(</span><span class="n">saml_request</span><span class="p">,</span> <span class="n">parameters</span><span class="p">[</span><span class="s">&#39;RelayState&#39;</span><span class="p">])</span>
        <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">redirect_to</span><span class="p">(</span><span class="n">slo_url</span><span class="p">,</span> <span class="n">parameters</span><span class="p">)</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.get_sso_url"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.get_sso_url">[docs]</a>    <span class="k">def</span> <span class="nf">get_sso_url</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Gets the SSO url.</span>

<span class="sd">        :returns: An URL, the SSO endpoint of the IdP</span>
<span class="sd">        :rtype: string</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="n">idp_data</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="o">.</span><span class="n">get_idp_data</span><span class="p">()</span>
        <span class="k">return</span> <span class="n">idp_data</span><span class="p">[</span><span class="s">&#39;singleSignOnService&#39;</span><span class="p">][</span><span class="s">&#39;url&#39;</span><span class="p">]</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.get_slo_url"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.get_slo_url">[docs]</a>    <span class="k">def</span> <span class="nf">get_slo_url</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Gets the SLO url.</span>

<span class="sd">        :returns: An URL, the SLO endpoint of the IdP</span>
<span class="sd">        :rtype: string</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="n">url</span> <span class="o">=</span> <span class="bp">None</span>
        <span class="n">idp_data</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="o">.</span><span class="n">get_idp_data</span><span class="p">()</span>
        <span class="k">if</span> <span class="s">&#39;singleLogoutService&#39;</span> <span class="ow">in</span> <span class="n">idp_data</span><span class="o">.</span><span class="n">keys</span><span class="p">()</span> <span class="ow">and</span> <span class="s">&#39;url&#39;</span> <span class="ow">in</span> <span class="n">idp_data</span><span class="p">[</span><span class="s">&#39;singleLogoutService&#39;</span><span class="p">]:</span>
            <span class="n">url</span> <span class="o">=</span> <span class="n">idp_data</span><span class="p">[</span><span class="s">&#39;singleLogoutService&#39;</span><span class="p">][</span><span class="s">&#39;url&#39;</span><span class="p">]</span>
        <span class="k">return</span> <span class="n">url</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.build_request_signature"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.build_request_signature">[docs]</a>    <span class="k">def</span> <span class="nf">build_request_signature</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">saml_request</span><span class="p">,</span> <span class="n">relay_state</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Builds the Signature of the SAML Request.</span>

<span class="sd">        :param saml_request: The SAML Request</span>
<span class="sd">        :type saml_request: string</span>

<span class="sd">        :param relay_state: The target URL the user should be redirected to</span>
<span class="sd">        :type relay_state: string</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="o">.</span><span class="n">check_sp_certs</span><span class="p">():</span>
            <span class="k">raise</span> <span class="n">OneLogin_Saml2_Error</span><span class="p">(</span>
                <span class="s">&quot;Trying to sign the SAML Request but can&#39;t load the SP certs&quot;</span><span class="p">,</span>
                <span class="n">OneLogin_Saml2_Error</span><span class="o">.</span><span class="n">SP_CERTS_NOT_FOUND</span>
            <span class="p">)</span>

        <span class="n">xmlsec</span><span class="o">.</span><span class="n">initialize</span><span class="p">()</span>

        <span class="c"># Load the key into the xmlsec context</span>
        <span class="n">key</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="o">.</span><span class="n">get_sp_key</span><span class="p">()</span>
        <span class="n">file_key</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Utils</span><span class="o">.</span><span class="n">write_temp_file</span><span class="p">(</span><span class="n">key</span><span class="p">)</span>  <span class="c"># FIXME avoid writing a file</span>

        <span class="n">dsig_ctx</span> <span class="o">=</span> <span class="n">xmlsec</span><span class="o">.</span><span class="n">DSigCtx</span><span class="p">()</span>
        <span class="n">dsig_ctx</span><span class="o">.</span><span class="n">signKey</span> <span class="o">=</span> <span class="n">xmlsec</span><span class="o">.</span><span class="n">Key</span><span class="o">.</span><span class="n">load</span><span class="p">(</span><span class="n">file_key</span><span class="o">.</span><span class="n">name</span><span class="p">,</span> <span class="n">xmlsec</span><span class="o">.</span><span class="n">KeyDataFormatPem</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span>
        <span class="n">file_key</span><span class="o">.</span><span class="n">close</span><span class="p">()</span>

        <span class="n">data</span> <span class="o">=</span> <span class="p">{</span>
            <span class="s">&#39;SAMLRequest&#39;</span><span class="p">:</span> <span class="n">quote</span><span class="p">(</span><span class="n">saml_request</span><span class="p">),</span>
            <span class="s">&#39;RelayState&#39;</span><span class="p">:</span> <span class="n">quote</span><span class="p">(</span><span class="n">relay_state</span><span class="p">),</span>
            <span class="s">&#39;SignAlg&#39;</span><span class="p">:</span> <span class="n">quote</span><span class="p">(</span><span class="n">OneLogin_Saml2_Constants</span><span class="o">.</span><span class="n">RSA_SHA1</span><span class="p">),</span>
        <span class="p">}</span>
        <span class="n">msg</span> <span class="o">=</span> <span class="n">urlencode</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
        <span class="n">signature</span> <span class="o">=</span> <span class="n">dsig_ctx</span><span class="o">.</span><span class="n">signBinary</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">xmlsec</span><span class="o">.</span><span class="n">TransformRsaSha1</span><span class="p">)</span>
        <span class="k">return</span> <span class="n">b64encode</span><span class="p">(</span><span class="n">signature</span><span class="p">)</span>
</div>
<div class="viewcode-block" id="OneLogin_Saml2_Auth.build_response_signature"><a class="viewcode-back" href="../../saml2.html#saml2.auth.OneLogin_Saml2_Auth.build_response_signature">[docs]</a>    <span class="k">def</span> <span class="nf">build_response_signature</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">saml_response</span><span class="p">,</span> <span class="n">relay_state</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Builds the Signature of the SAML Response.</span>
<span class="sd">        :param saml_request: The SAML Response</span>
<span class="sd">        :type saml_request: string</span>

<span class="sd">        :param relay_state: The target URL the user should be redirected to</span>
<span class="sd">        :type relay_state: string</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="o">.</span><span class="n">check_sp_certs</span><span class="p">():</span>
            <span class="k">raise</span> <span class="n">OneLogin_Saml2_Error</span><span class="p">(</span>
                <span class="s">&quot;Trying to sign the SAML Response but can&#39;t load the SP certs&quot;</span><span class="p">,</span>
                <span class="n">OneLogin_Saml2_Error</span><span class="o">.</span><span class="n">SP_CERTS_NOT_FOUND</span>
            <span class="p">)</span>

        <span class="n">xmlsec</span><span class="o">.</span><span class="n">initialize</span><span class="p">()</span>

        <span class="c"># Load the key into the xmlsec context</span>
        <span class="n">key</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">__settings</span><span class="o">.</span><span class="n">get_sp_key</span><span class="p">()</span>
        <span class="n">file_key</span> <span class="o">=</span> <span class="n">OneLogin_Saml2_Utils</span><span class="o">.</span><span class="n">write_temp_file</span><span class="p">(</span><span class="n">key</span><span class="p">)</span>  <span class="c"># FIXME avoid writing a file</span>

        <span class="n">dsig_ctx</span> <span class="o">=</span> <span class="n">xmlsec</span><span class="o">.</span><span class="n">DSigCtx</span><span class="p">()</span>
        <span class="n">dsig_ctx</span><span class="o">.</span><span class="n">signKey</span> <span class="o">=</span> <span class="n">xmlsec</span><span class="o">.</span><span class="n">Key</span><span class="o">.</span><span class="n">load</span><span class="p">(</span><span class="n">file_key</span><span class="o">.</span><span class="n">name</span><span class="p">,</span> <span class="n">xmlsec</span><span class="o">.</span><span class="n">KeyDataFormatPem</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span>
        <span class="n">file_key</span><span class="o">.</span><span class="n">close</span><span class="p">()</span>

        <span class="n">data</span> <span class="o">=</span> <span class="p">{</span>
            <span class="s">&#39;SAMLResponse&#39;</span><span class="p">:</span> <span class="n">quote</span><span class="p">(</span><span class="n">saml_response</span><span class="p">),</span>
            <span class="s">&#39;RelayState&#39;</span><span class="p">:</span> <span class="n">quote</span><span class="p">(</span><span class="n">relay_state</span><span class="p">),</span>
            <span class="s">&#39;SignAlg&#39;</span><span class="p">:</span> <span class="n">quote</span><span class="p">(</span><span class="n">OneLogin_Saml2_Constants</span><span class="o">.</span><span class="n">RSA_SHA1</span><span class="p">),</span>
        <span class="p">}</span>
        <span class="n">msg</span> <span class="o">=</span> <span class="n">urlencode</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
        <span class="kn">import</span> <span class="nn">pdb</span><span class="p">;</span> <span class="n">dbp</span><span class="o">.</span><span class="n">set_trace</span><span class="p">()</span>
        <span class="k">print</span> <span class="n">msg</span>
        <span class="n">data2</span> <span class="o">=</span> <span class="p">{</span>
            <span class="s">&#39;SAMLResponse&#39;</span><span class="p">:</span> <span class="n">saml_response</span><span class="p">,</span>
            <span class="s">&#39;RelayState&#39;</span><span class="p">:</span> <span class="n">relay_state</span><span class="p">,</span>
            <span class="s">&#39;SignAlg&#39;</span><span class="p">:</span> <span class="n">OneLogin_Saml2_Constants</span><span class="o">.</span><span class="n">RSA_SHA1</span><span class="p">,</span>
        <span class="p">}</span>
        <span class="n">msg2</span> <span class="o">=</span> <span class="n">urlencode</span><span class="p">(</span><span class="n">data2</span><span class="p">)</span>
        <span class="k">print</span> <span class="n">msg2</span>
        <span class="n">signature</span> <span class="o">=</span> <span class="n">dsig_ctx</span><span class="o">.</span><span class="n">signBinary</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">xmlsec</span><span class="o">.</span><span class="n">TransformRsaSha1</span><span class="p">)</span>
        <span class="k">return</span> <span class="n">b64encode</span><span class="p">(</span><span class="n">signature</span><span class="p">)</span></div></div>
</pre></div>

          </div>
        </div>
      </div>
      <div class="sphinxsidebar">
        <div class="sphinxsidebarwrapper">
<div id="searchbox" style="display: none">
  <h3>Quick search</h3>
    <form class="search" action="../../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="Go" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    <p class="searchtip" style="font-size: 90%">
    Enter search terms or a module, class or function name.
    </p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="related">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="../../genindex.html" title="General Index"
             >index</a></li>
        <li class="right" >
          <a href="../../py-modindex.html" title="Python Class Index"
             >modules</a> |</li>
        <li><a href="../../index.html">SAML Python library classes and methods</a> &raquo;</li>
          <li><a href="../index.html" >Class code</a> &raquo;</li>
      </ul>
    </div>
    <div class="footer">
      Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
    </div>
  </body>
</html>
